1 /* packet-omapi.c
2  * ISC OMAPI (Object Management API) dissector
3  * Copyright 2006, Jaap Keuter <jaap.keuter@xs4all.nl>
4  *
5  * Wireshark - Network traffic analyzer
6  * By Gerald Combs <gerald@wireshark.org>
7  * Copyright 1998 Gerald Combs
8  *
9  * SPDX-License-Identifier: GPL-2.0-or-later
10  */
11 
12 /*
13  * From the description api+protocol.
14  * All fields are 32 bit unless stated otherwise.
15  *
16  * On startup, each side sends a status message indicating what version
17  * of the protocol they are speaking. The status message looks like this:
18  * +---------+---------+
19  * | version | hlength |
20  * +---------+---------+
21  *
22  * The fixed-length header consists of:
23  * +--------+----+--------+----+-----+---------+------------+------------+-----+
24  * | authid | op | handle | id | rid | authlen | msg values | obj values | sig |
25  * +--------+----+--------+----+-----+---------+------v-----+-----v------+--v--+
26  * NOTE: real life capture shows order to be: authid, authlen, opcode, handle...
27  *
28  * The message and object values consist of:
29  * +---------+------+----------+-------+
30  * | namelen | name | valuelen | value |
31  * +---16b---+--v---+----------+---v---+
32  */
33 
34 #include "config.h"
35 
36 #include <epan/packet.h>
37 #include <epan/ptvcursor.h>
38 
/* Registration entry points; both are defined at the bottom of this file. */
void proto_reg_handoff_omapi(void);
void proto_register_omapi(void);

/* Protocol handle, assigned by proto_register_protocol(). */
static int proto_omapi = -1;

/*
 * Header-field handles. Each one stays at -1 until its address has been
 * handed to proto_register_field_array() in proto_register_omapi().
 */

/* Startup (status) message */
static int hf_omapi_version = -1;
static int hf_omapi_hlength = -1;

/* Fixed-length message header */
static int hf_omapi_auth_id = -1;
static int hf_omapi_auth_len = -1;
static int hf_omapi_opcode = -1;
static int hf_omapi_handle = -1;
static int hf_omapi_id = -1;
static int hf_omapi_rid = -1;

/* Message name/value pairs */
static int hf_omapi_msg_name_len = -1; /* 16bit */
static int hf_omapi_msg_name = -1;
static int hf_omapi_msg_value_len = -1;
static int hf_omapi_msg_value = -1;

/* Object name/value pairs */
static int hf_omapi_obj_name_len = -1; /* 16bit */
static int hf_omapi_obj_name = -1;
static int hf_omapi_obj_value_len = -1;
static int hf_omapi_obj_value = -1;

/* Trailing authentication signature */
static int hf_omapi_signature = -1;

/* Generated from convert_proto_tree_add_text.pl */
static int hf_omapi_empty_string = -1;
static int hf_omapi_no_value = -1;
static int hf_omapi_message_end_tag = -1;
static int hf_omapi_object_end_tag = -1;

/* Subtree (expansion state) handle for the OMAPI protocol item. */
static gint ett_omapi = -1;
68 
/* Default TCP port for OMAPI; not IANA registered. */
#define OMAPI_PORT 7911

/* OMAPI opcodes as carried in the 32-bit opcode header field. */
enum {
  OP_OPEN             = 1,
  OP_REFRESH          = 2,
  OP_UPDATE           = 3,
  OP_NOTIFY           = 4,
  OP_ERROR            = 5,
  OP_DELETE           = 6,
  OP_NOTIFY_CANCEL    = 7,
  OP_NOTIFY_CANCELLED = 8
};

/* Display names for the opcodes; terminated by the { 0, NULL } sentinel. */
static const value_string omapi_opcode_vals[] = {
  { OP_OPEN,             "Open" },
  { OP_REFRESH,          "Refresh" },
  { OP_UPDATE,           "Update" },
  { OP_NOTIFY,           "Notify" },
  { OP_ERROR,            "Error" },
  { OP_DELETE,           "Delete" },
  { OP_NOTIFY_CANCEL,    "Notify cancel" },
  { OP_NOTIFY_CANCELLED, "Notify cancelled" },
  { 0,                   NULL }
};
91 
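/*
 * Dissect one run of OMAPI name/value pairs (layout: 16-bit name length,
 * name, 32-bit value length, value) and leave the cursor on the 16-bit
 * zero name length that terminates the run; the caller adds the end tag.
 *
 * hf_name_len, hf_name, hf_value_len and hf_value select the message or
 * object flavour of the fields; value_encoding is the encoding passed
 * when the value itself is added.
 *
 * Every length here comes straight from the wire. The loop has no
 * iteration limit of its own: each pass consumes at least 7 bytes (2 + a
 * non-zero name + 4), and the tvb_get_* / ptvcursor_add calls are expected
 * to raise a bounds exception once the cursor runs past the buffer.
 */
static void
dissect_omapi_values(tvbuff_t *tvb, ptvcursor_t *cursor, proto_tree *omapi_tree,
                     int hf_name_len, int hf_name,
                     int hf_value_len, int hf_value, guint value_encoding)
{
  guint32 namelen;
  guint32 valuelen;

  while ((namelen = tvb_get_ntohs(tvb, ptvcursor_current_offset(cursor))) != 0)
  {
    ptvcursor_add(cursor, hf_name_len, 2, ENC_BIG_ENDIAN);
    /* namelen was read as 16 bits, so it always fits a signed length. */
    ptvcursor_add(cursor, hf_name, (gint)namelen, ENC_ASCII|ENC_NA);

    valuelen = tvb_get_ntohl(tvb, ptvcursor_current_offset(cursor));
    ptvcursor_add(cursor, hf_value_len, 4, ENC_BIG_ENDIAN);

    if (valuelen == 0)
    {
      proto_tree_add_item(omapi_tree, hf_omapi_empty_string, tvb, 0, 0, ENC_NA);
    }
    else if (valuelen == (guint32)~0)
    {
      /* All-ones length is shown as "no value"; no value bytes follow. */
      proto_tree_add_item(omapi_tree, hf_omapi_no_value, tvb, 0, 0, ENC_NA);
    }
    else
    {
      /*
       * valuelen is an untrusted 32-bit count but ptvcursor_add takes a
       * signed length. Check it as an unsigned quantity first so that a
       * value above the signed range is rejected explicitly instead of
       * depending on how the negative length is handled downstream.
       */
      tvb_ensure_bytes_exist64(tvb, ptvcursor_current_offset(cursor), valuelen);
      ptvcursor_add(cursor, hf_value, (gint)valuelen, value_encoding);
    }
  }
}

/*
 * Dissect an OMAPI PDU: an optional 8-byte startup (status) message,
 * then the message header, the message and object name/value runs and,
 * when the authentication length is non-zero, the signature.
 *
 * Returns 0 when fewer than 8 bytes are reported (not OMAPI), 8 for a
 * bare startup message, otherwise the captured length of the tvb.
 */
static int
dissect_omapi(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
{
  proto_item  *ti;
  proto_tree  *omapi_tree;
  ptvcursor_t *cursor;
  const gchar *opcode_str;
  guint32      authlength;

  /* Payload too small for OMAPI */
  if (tvb_reported_length_remaining(tvb, 0) < 8)
    return 0;

  col_set_str(pinfo->cinfo, COL_PROTOCOL, "OMAPI");

  col_clear(pinfo->cinfo, COL_INFO);

  ti = proto_tree_add_item(tree, proto_omapi, tvb, 0, -1, ENC_NA);
  omapi_tree = proto_item_add_subtree(ti, ett_omapi);
  cursor = ptvcursor_new(pinfo->pool, omapi_tree, tvb, 0);

  if (tvb_reported_length_remaining(tvb, 0) < 24)
  {
    /* This is a startup message */
    ptvcursor_add(cursor, hf_omapi_version, 4, ENC_BIG_ENDIAN);
    ptvcursor_add(cursor, hf_omapi_hlength, 4, ENC_BIG_ENDIAN);

    col_set_str(pinfo->cinfo, COL_INFO, "Status message");
    proto_item_append_text(ti, ", Status message");

    ptvcursor_free(cursor);
    return 8;
  }
  else if ( !(tvb_get_ntohl(tvb, 8) || tvb_get_ntohl(tvb, 12)) )
  {
    /*
     * This is a startup message, and more: the words at offsets 8 and 12
     * are both zero, so the first 8 bytes are taken as the status message
     * and those two words become authid/authlen of the message below.
     */
    ptvcursor_add(cursor, hf_omapi_version, 4, ENC_BIG_ENDIAN);
    ptvcursor_add(cursor, hf_omapi_hlength, 4, ENC_BIG_ENDIAN);

    col_append_str(pinfo->cinfo, COL_INFO, "Status message");

    proto_item_append_text(ti, ", Status message");
  }

  ptvcursor_add(cursor, hf_omapi_auth_id, 4, ENC_BIG_ENDIAN);
  /* Remembered here; it sizes the signature at the very end of the PDU. */
  authlength = tvb_get_ntohl(tvb, ptvcursor_current_offset(cursor));
  ptvcursor_add(cursor, hf_omapi_auth_len, 4, ENC_BIG_ENDIAN);

  /* Look the opcode up once and reuse the text for column and tree item. */
  opcode_str = val_to_str(tvb_get_ntohl(tvb, ptvcursor_current_offset(cursor)),
                          omapi_opcode_vals, "Unknown opcode (0x%04x)");
  col_append_sep_str(pinfo->cinfo, COL_INFO, NULL, opcode_str);
  proto_item_append_text(ti, ", Opcode: %s", opcode_str);

  ptvcursor_add(cursor, hf_omapi_opcode, 4, ENC_BIG_ENDIAN);
  ptvcursor_add(cursor, hf_omapi_handle, 4, ENC_BIG_ENDIAN);
  ptvcursor_add(cursor, hf_omapi_id, 4, ENC_BIG_ENDIAN);
  ptvcursor_add(cursor, hf_omapi_rid, 4, ENC_BIG_ENDIAN);

  /* Message values are added as ASCII strings. */
  dissect_omapi_values(tvb, cursor, omapi_tree,
                       hf_omapi_msg_name_len, hf_omapi_msg_name,
                       hf_omapi_msg_value_len, hf_omapi_msg_value,
                       ENC_ASCII|ENC_NA);
  ptvcursor_add(cursor, hf_omapi_message_end_tag, 2, ENC_NA);

  /* Object values are added as raw bytes. */
  dissect_omapi_values(tvb, cursor, omapi_tree,
                       hf_omapi_obj_name_len, hf_omapi_obj_name,
                       hf_omapi_obj_value_len, hf_omapi_obj_value,
                       ENC_NA);
  ptvcursor_add(cursor, hf_omapi_object_end_tag, 2, ENC_NA);

  if (authlength > 0) {
    /*
     * authlength is an untrusted 32-bit count. Converted to the signed
     * length ptvcursor_add takes, 0xFFFFFFFF would become -1, the value
     * used above with proto_tree_add_item to mean "to the end of the
     * buffer", so a bogus length would quietly swallow the rest of the
     * data. Validate it as an unsigned quantity before adding the field.
     */
    tvb_ensure_bytes_exist64(tvb, ptvcursor_current_offset(cursor), authlength);
    ptvcursor_add(cursor, hf_omapi_signature, (gint)authlength, ENC_NA);
  }

  ptvcursor_free(cursor);
  return tvb_captured_length(tvb);
}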
212 
/*
 * Register the OMAPI protocol together with its header fields and its
 * subtree handle.
 */
void
proto_register_omapi(void)
{
  static hf_register_info omapi_fields[] = {
    /* Startup (status) message */
    { &hf_omapi_version,
      { "Version", "omapi.version", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
    { &hf_omapi_hlength,
      { "Header length", "omapi.hlength", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},

    /* Fixed-length message header */
    { &hf_omapi_auth_id,
      { "Authentication ID", "omapi.authid", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
    { &hf_omapi_auth_len,
      { "Authentication length", "omapi.authlength", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
    { &hf_omapi_opcode,
      { "Opcode", "omapi.opcode", FT_UINT32, BASE_DEC, VALS(omapi_opcode_vals), 0x0, NULL, HFILL }},
    { &hf_omapi_handle,
      { "Handle", "omapi.handle", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
    { &hf_omapi_id,
      { "ID", "omapi.id", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
    { &hf_omapi_rid,
      { "Response ID", "omapi.rid", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},

    /* Message name/value pairs */
    { &hf_omapi_msg_name_len,
      { "Message name length", "omapi.msg_name_length", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }},
    { &hf_omapi_msg_name,
      { "Message name", "omapi.msg_name", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
    { &hf_omapi_msg_value_len,
      { "Message value length", "omapi.msg_value_length", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
    { &hf_omapi_msg_value,
      { "Message value", "omapi.msg_value", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},

    /*
     * Object name/value pairs. The value-length filter name is spelled
     * "object_value_length", unlike the "obj_" prefix of its siblings.
     */
    { &hf_omapi_obj_name_len,
      { "Object name length", "omapi.obj_name_length", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }},
    { &hf_omapi_obj_name,
      { "Object name", "omapi.obj_name", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
    { &hf_omapi_obj_value_len,
      { "Object value length", "omapi.object_value_length", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
    { &hf_omapi_obj_value,
      { "Object value", "omapi.obj_value", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }},

    /* Trailing authentication signature */
    { &hf_omapi_signature,
      { "Signature", "omapi.signature", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }},

    /* Generated from convert_proto_tree_add_text.pl */
    { &hf_omapi_empty_string,
      { "Empty string", "omapi.empty_string", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
    { &hf_omapi_no_value,
      { "No value", "omapi.no_value", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
    { &hf_omapi_message_end_tag,
      { "Message end tag", "omapi.message_end_tag", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
    { &hf_omapi_object_end_tag,
      { "Object end tag", "omapi.object_end_tag", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
  };

  static gint *omapi_subtrees[] = {
    &ett_omapi
  };

  proto_omapi = proto_register_protocol("ISC Object Management API", "OMAPI", "omapi");
  proto_register_field_array(proto_omapi, omapi_fields, array_length(omapi_fields));
  proto_register_subtree_array(omapi_subtrees, array_length(omapi_subtrees));
}
302 
/*
 * Create the dissector handle for dissect_omapi() and attach it to
 * "tcp.port" with OMAPI_PORT as the value, via the _with_preference
 * registration variant.
 */
void
proto_reg_handoff_omapi(void)
{
  dissector_handle_t omapi_handle = create_dissector_handle(dissect_omapi, proto_omapi);

  dissector_add_uint_with_preference("tcp.port", OMAPI_PORT, omapi_handle);
}
311 
312 /*
313  * Editor modelines  -  https://www.wireshark.org/tools/modelines.html
314  *
315  * Local Variables:
316  * c-basic-offset: 2
317  * tab-width: 8
318  * indent-tabs-mode: nil
319  * End:
320  *
321  * ex: set shiftwidth=2 tabstop=8 expandtab:
322  * :indentSize=2:tabSize=8:noTabs=true:
323  */